| 1478575
|
|
AddressSanitizer: heap-use-after-free [@ Id] with READ of size 4 through [@ mozilla::camera::PCamerasChild::SendGetCaptureDevice]
|
Core
|
WebRTC: Audio/Video
|
apehrson
|
RESO
|
FIXE
|
2020-02-28
|
| 1480092
|
|
WebRTC: Use-after-free in VP8 Block Decoding
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2019-08-07
|
| 1478849
|
|
AddressSanitizer: heap-use-after-free [@ IPC::Channel::Unsound_IsClosed] with READ of size 8
|
Core
|
IPC
|
jld
|
RESO
|
FIXE
|
2024-05-30
|
| 1471953
|
|
AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:296:27 in get
|
Core
|
Audio/Video: MediaSt
|
karlt
|
RESO
|
FIXE
|
2021-09-13
|
| 1480521
|
|
js::Shape is not Compacting-GC-safe (32-bit builds)
|
Core
|
JavaScript: GC
|
tcampbell
|
RESO
|
FIXE
|
2019-08-07
|
| 1473161
|
|
Missing bounds checks in nsContentUtils::DataTransferItemToImage
|
Core
|
DOM: Core & HTML
|
annygakhokidze
|
RESO
|
FIXE
|
2019-08-07
|
| 1472925
|
|
Potential UaF of MSG from CompleteAudioContextOperations
|
Core
|
Audio/Video: MediaSt
|
karlt
|
RESO
|
FIXE
|
2019-08-07
|
| 1466577
|
|
Crash in arena_dalloc | Allocator<T>::free | MOZ_Z_inflateEnd
|
Core
|
Networking: WebSocke
|
michal.novotny
|
RESO
|
FIXE
|
2019-08-07
|
| 1467363
|
|
Intermittent GECKO(5160) | SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:218 in _cairo_gstate_fini
|
Core
|
Graphics
|
bas
|
RESO
|
FIXE
|
2020-02-28
|
| 1450989
|
|
Form submission can happen sync while !IsSafeToRunScript() and trigger chrome script
|
Core
|
DOM: Core & HTML
|
echen
|
RESO
|
FIXE
|
2019-08-07
|
| 1469309
|
|
Heap-buffer-underflow READ 8 from HalParent::RecvEnableSensorNotifications
|
Core
|
Hardware Abstraction
|
gsvelto
|
RESO
|
FIXE
|
2021-11-18
|
| 1469914
|
|
HalParent's use of observers has many UAFs
|
Core
|
Hardware Abstraction
|
gsvelto
|
RESO
|
FIXE
|
2021-11-18
|
| 1467889
|
|
Fix off-by-one error in nsITransferable IPC string length logic
|
Core
|
IPC
|
jld
|
RESO
|
FIXE
|
2019-08-07
|
| 1480517
|
|
AddressSanitizer: heap-use-after-free [@ get] through [@ nsDBusRemoteService::HandleDBusMessage] with READ of size 8
|
Toolkit
|
General
|
stransky
|
RESO
|
FIXE
|
2020-02-28
|
| 1468738
|
|
use-after-poison in [@ nsIFrame::RemoveDisplayItemDataForDeletion]
|
Core
|
Web Painting
|
jnicol
|
VERI
|
FIXE
|
2020-02-16
|
| 1466991
|
|
Assertion failure: slowNode == node (These should always be in sync!), at src/dom/base/nsINode.cpp:317
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2020-02-16
|
| 1481093
|
|
Crash [@ js::NativeObject::hasAllFlags] or Assertion failure: getElementsHeader()->initializedLength == getElementsHeader()->capacity, at /vm/NativeObject.h:545 with TypedObject
|
Core
|
JavaScript Engine
|
jcoppeard
|
VERI
|
FIXE
|
2023-12-06
|
| 1483120
|
|
heap-buffer-overflow in [@ SkDashPath::InternalFilter]
|
Core
|
Graphics: Canvas2D
|
lsalzman
|
VERI
|
FIXE
|
2020-02-16
|